Novell Access Manager 3.1 SP3 User guide

Novell
www.novell.com
novdocx (en) 16 April 2010
AUTHORIZED DOCUMENTATION
Novell Access Manager 3.1 SP3 J2EE Agent Guide
Access Manager
3.1 SP3
February 02, 2011
J2EE Agent Guide
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
Copyright © 2006-2011 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied,
stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list
(http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 Installing the J2EE Agents
1.1 Overview of the J2EE Agents
1.2 Overview of the Sample Payroll Application
1.3 Prerequisites
1.4 Software Requirements
1.5 Installing the J2EE Agents on JBoss
1.5.1 Prerequisites
1.5.2 Installing and Configuring the JBoss Web Deployer Service
1.5.3 Installing JBoss by Using the Installer
1.5.4 Installing the JBoss Agent through the Console
1.6 Installing the J2EE Agent on WebSphere
1.6.1 Prerequisites
1.6.2 Installing on WebSphere by Using the Installer
1.6.3 Installing the WebSphere Agent through the Console
1.6.4 Configuring WebSphere for J2EE Agents
1.7 Installing the J2EE Agent on WebLogic
1.7.1 Prerequisites
1.7.2 Installing WebLogic Agent by Using the Installer
1.7.3 Installing a J2EE Agent through the Console
1.7.4 Configuring WebLogic for J2EE Agents
1.8 Verifying If a J2EE Agent Is Installed
1.9 Uninstalling a J2EE Agent
2 Configuring the Agent for Authentication
2.1 Prerequisites
2.2 Possible Configurations
2.2.1 Allowing Direct Access to the J2EE Server
2.2.2 Protecting the Application Server with the Access Gateway
2.3 Configuring the Agent for Direct Access
2.4 Configuring Authentication Contracts
2.4.1 Protecting Different Applications by Using Different Authentication Contracts
2.4.2 Configuring Additional Authentication for Applications
2.5 Protecting the Application Server with the Access Gateway
2.5.1 Setting Up a Path-Based Proxy Service for an Application Server
2.5.2 Setting Up a Domain-Based Proxy Service for an Application Server
2.5.3 Configuring a Protected Agent for Access
3 Clustering J2EE Agents
3.1 Prerequisites
3.2 Creating a Cluster Configuration
3.3 Assigning a J2EE Agent to a Cluster
3.4 Modifying Cluster Details
3.5 Removing a J2EE Agent from a Cluster
4 Preparing the Applications and the J2EE Servers
4.1 Preparing the Application for the Agent
4.1.1 Configuring for Login
4.1.2 Configuring for Logout
4.2 Configuring Applications on the JBoss Server
4.2.1 Configuring a Security Domain
4.2.2 Configuring Security Constraints
4.2.3 Configuring for Roles
4.3 Configuring Applications on the WebSphere Server
4.3.1 Configuring for Authentication
4.3.2 Configuring Security Role to User/Group Mapping
4.3.3 Configuring for User RunAs Roles
4.3.4 Configuring the Trust Association Interceptor Module for WebSphere Application
4.4 Configuring Applications on the WebLogic Server
5 Configuring the Basic Features of a J2EE Agent
5.1 Enabling Tracing and Auditing of Events
5.1.1 Tracing Events to Log Files
5.1.2 Enabling the Auditing of Events
5.2 Managing Embedded Service Provider Certificates
5.3 Configuring SSL Certificate Trust
5.4 Modifying the Display Name and Other Details
5.5 Changing the IP Address of a J2EE Agent
6 Protecting Web and Enterprise JavaBeans Modules
6.1 Configuring Access Control
6.2 Protecting Web Resources
6.2.1 Creating a Protected Resource for a Web Application
6.2.2 Assigning a Web Authorization Policy to the Resource
6.3 Protecting Enterprise JavaBeans Resources
6.3.1 Creating a Protected Enterprise JavaBean Resource
6.3.2 Assigning an Enterprise JavaBeans Authorization Policy to a Resource
7 Deploying the Sample Payroll Application
7.1 Deploying the Sample Payroll Application
7.2 Preparing the Sample Application for the Agent
7.2.1 Configuring for Login
7.2.2 Configuring for Logout
7.3 Using the J2EE Server to Enforce Authorization
7.4 Using Access Manager Policies to Enforce Authorization
7.4.1 Creating an Employee Role and a Manager Role
7.4.2 Creating Authorization Policies
7.4.3 Assigning Policies to Protected Resources
7.4.4 Testing the Configuration
8 Managing a J2EE Agent
8.1 Viewing General Status Information
8.2 Managing the Health of an Agent
8.3 Managing the Health of a Cluster
8.4 Managing Alerts
8.5 Managing Cluster Alerts
8.6 Viewing Statistics
8.7 Viewing Cluster Statistics
8.8 Viewing Platform Information
8.9 Viewing the Status of Recent Commands
8.10 Stopping and Starting the Agent
8.11 Stopping and Starting the Embedded Service Provider
8.12 Deleting an Agent from the Administration Console
9 Troubleshooting the J2EE Agent
9.1 Troubleshooting the J2EE Agent Import
9.2 Authorization Policies Fail for Some Attributes
9.3 The Health Status Displays as “Server Is Not Responding”
9.4 Auto-import Agents Fails on WebLogic Running on RedHat
9.5 Error: Invalid Administration Server IP Address
9.5.1 JRE Version is Wrong
9.5.2 Issues With the Administration Console
9.6 Installer Stops Responding While Installing on WebSphere
9.7 Unable to Federate WebSphere Custom Profile If Agent Already Installed
9.8 Authorization Fails in the WebSphere Application
9.9 Audit Log Event Problems on 64-Bit Platforms
9.9.1 JBoss Agent
9.9.2 WebLogic Agent
9.10 JBoss and SSL
9.11 Viewing Log Files
9.12 Troubleshooting Access Control
9.13 Adding the Listening Port in Host Aliases
About This Guide
This guide describes the J2EE Agents and explains how to install, configure, and manage them:
Chapter 1, “Installing the J2EE Agents,” on page 11
Chapter 2, “Configuring the Agent for Authentication,” on page 45
Chapter 3, “Clustering J2EE Agents,” on page 63
Chapter 4, “Preparing the Applications and the J2EE Servers,” on page 67
Chapter 5, “Configuring the Basic Features of a J2EE Agent,” on page 85
Chapter 6, “Protecting Web and Enterprise JavaBeans Modules,” on page 89
Chapter 7, “Deploying the Sample Payroll Application,” on page 95
Chapter 8, “Managing a J2EE Agent,” on page 109
Chapter 9, “Troubleshooting the J2EE Agent,” on page 119
Audience
This guide is intended for Access Manager administrators. It is assumed that you have knowledge of
evolving Internet protocols, such as:
Extensible Markup Language (XML)
Simple Object Access Protocol (SOAP)
Security Assertion Markup Language (SAML)
Public Key Infrastructure (PKI) digital signature concepts and Internet security
Secure Socket Layer/Transport Layer Security (SSL/TLS)
Hypertext Transfer Protocol (HTTP and HTTPS)
Uniform Resource Identifiers (URIs)
Domain Name System (DNS)
Web Services Description Language (WSDL)
Feedback
We want to hear your comments and suggestions about this guide and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to Documentation Feedback
(http://www.novell.com/documentation/feedback.html) and enter your comments there.
Documentation Updates
For the most recent version of the Access Manager J2EE Agent Guide, visit the Novell Access
Manager Documentation Web site (http://www.novell.com/documentation/novellaccessmanager31).
Additional Documentation
Before proceeding, you should be familiar with the Novell Access Manager 3.1 SP3 Installation
Guide and the Novell Access Manager 3.1 SP3 Setup Guide, which provide information about
setting up the Access Manager system.
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and
items in a cross-reference path.
1 Installing the J2EE Agents
The J2EE Agents allow you to use roles and other types of policies to restrict access to specific
application modules and Enterprise JavaBeans. These agents leverage the Java Authentication and
Authorization Service (JAAS) and Java Authorization Contract for Containers (JACC) standards for
Access Manager-controlled authentication and authorization to Java Web applications and
Enterprise JavaBeans.
NOTE: You cannot upgrade J2EE Agents from version 3.0 to 3.1. You must perform a fresh
installation of the 3.1 version of J2EE Agents.
Access Manager currently has J2EE agents for JBoss, WebLogic, and WebSphere servers. The
agents can be installed on Linux, Windows, Solaris and AIX platforms.
This section has the following information:
Section 1.1, “Overview of the J2EE Agents,” on page 11
Section 1.2, “Overview of the Sample Payroll Application,” on page 12
Section 1.3, “Prerequisites,” on page 12
Section 1.4, “Software Requirements,” on page 12
Section 1.5, “Installing the J2EE Agents on JBoss,” on page 13
Section 1.6, “Installing the J2EE Agent on WebSphere,” on page 22
Section 1.7, “Installing the J2EE Agent on WebLogic,” on page 31
Section 1.8, “Verifying If a J2EE Agent Is Installed,” on page 43
Section 1.9, “Uninstalling a J2EE Agent,” on page 43
1.1 Overview of the J2EE Agents
Users of application servers, such as J2EE servers, commonly fall into one of three abstract roles:
buyer, seller, or administrator. For example, a rental car company might apply a variety of Enterprise
JavaBeans (EJB) components that offer different products and services to clients. One service could
be a specific component that enables a Web-based reservation process. In this case, the customer
could access a Web site to reserve a rental car. The seller could access a site that provides a list of
available cars and prices. Then the administrator could access a site that tracked inventory and
maintenance schedules. These components provide the basic business services for the application to
function and the tasks they accomplish require a security policy to enforce appropriate use of such
services.
Using the deployment descriptors, the application developer can set up a method to protect the
components by using abstract security role names. For example, there can be a role called Service
Representative, which protects the component that creates a rental agreement. Similarly, there can
be a role called Approver, which protects the component that approves the agreement. Although
these roles convey the intent of the application vendor or developer to enforce such security policies,
they are not useful unless these abstract role names are mapped to real-life principals, such as actual
users or actual roles.
1.2 Overview of the Sample Payroll Application
Novell provides a test application, PayrollApp.ear, that is copied to the J2EE server during
installation of the J2EE Agents.
This sample payroll application is configured to grant access based on whether the user has an
Employee role or a Manager role.
For more information on deploying and using the sample payroll application, see Chapter 7,
“Deploying the Sample Payroll Application,” on page 95.
1.3 Prerequisites
Make sure that the system on which you want to install J2EE Agent does not have any other
Access Manager components installed on it.
You must have a static IP address.
If you do not have a static IP address and the address assigned at boot changes, the J2EE Agent
and the Administration Console can no longer communicate with each other.
1.4 Software Requirements
Table 1-1 Software requirements

Requirement: Application Software
  JBoss: JBoss 4.2.3. The JBoss server package does not ship on the SUSE Linux Enterprise Server
    (SLES) installation media. To download and install JBoss version 4.2.3, see JBoss Application
    Server Downloads (http://labs.jboss.com/portal/jbossas/download).
  WebSphere: WebSphere 6.1 and 7.0
  WebLogic: BEA WebLogic 9.2 and WebLogic 10.0
    NOTE: The 64-bit version is not supported on Solaris. WebLogic 10.0 is not supported on Solaris.

Requirement: Operating System
  JBoss:
    Linux: SUSE Linux Enterprise Server 10 on 32-bit and 64-bit platforms; Red Hat 5
    Windows (with the latest support packs): Windows Server* 2003
  WebSphere:
    Linux: SUSE Linux Enterprise Server 10 on 32-bit and 64-bit platforms
    Windows (with the latest support packs): Windows Server 2003
    AIX: AIX 5.3
    NOTE: WebSphere 7.0 on AIX is not tested.
  WebLogic:
    Linux: SUSE Linux Enterprise Server 10 on 32-bit and 64-bit platforms
    Windows (with the latest support packs): Windows Server 2003
    Solaris: Solaris 10 on SPARC*, X86, 32-bit, and 64-bit platforms
    NOTE: There is no support for Novell Audit on Solaris for this release.

Requirement: Java
  JBoss: JRE 1.5
    NOTE: The JBoss Agent has not been tested with the IBM* JRE.
  WebSphere: JRE 1.5
  WebLogic: JRE 1.5

Requirement: RAM
  JBoss: 4 GB
  WebSphere: 4 GB
  WebLogic: 4 GB

Requirement: Hard Disk Space
  JBoss: 100 GB
  WebSphere: 100 GB
  WebLogic: 100 GB

NOTE: The software versions listed in the table have been tested with the product. Later
versions of the software might or might not work.
1.5 Installing the J2EE Agents on JBoss
This section describes the prerequisites and the procedure to install J2EE Agents on a JBoss
machine. You must install the J2EE Agents on the same machine as the JBoss server. For specific
requirements for J2EE Agents, see Section 1.5.1, “Prerequisites,” on page 14.
Section 1.5.1, “Prerequisites,” on page 14
Section 1.5.2, “Installing and Configuring the JBoss Web Deployer Service,” on page 14
Section 1.5.3, “Installing JBoss by Using the Installer,” on page 15
Section 1.5.4, “Installing the JBoss Agent through the Console,” on page 21
1.5.1 Prerequisites
You must know the path where the JBoss server is installed. For more information, refer to the
JBoss documentation.
You must know the server configuration set you have selected for your JBoss server.
Verify that the machine meets the minimum requirements. See Section 1.4, “Software
Requirements,” on page 12.
If you use the custom configurations for JBoss, complete the steps in Section 1.5.2, “Installing
and Configuring the JBoss Web Deployer Service,” on page 14, before you proceed with the
installation.
1.5.2 Installing and Configuring the JBoss Web Deployer Service
The Novell J2EE Agents depend on the JBoss Web deployer service in order to use a custom JBoss
configuration. The JBoss Web deployer service must be already installed before you proceed with
the installation of the Novell J2EE Agents.
“Verifying if the JBoss Web Deployer Service is Installed” on page 14
“Installing the JBoss Web Deployer Service” on page 14
Verifying if the JBoss Web Deployer Service is Installed
To verify if the JBoss Web deployer service is already installed, browse to the following location
and check to see if a folder named jboss-web.deployer already exists:
<path-to-your-custom-configuration>/deploy/
If the folder does exist, it indicates that the JBoss Web Deployer service is installed. You can
proceed with installing the agent. For more information, see Section 1.5.3, “Installing JBoss by
Using the Installer,” on page 15.
If the folder does not exist, refer to “Installing the JBoss Web Deployer Service” on page 14 to
install the JBoss Web Deployer service.
Installing the JBoss Web Deployer Service
Follow the steps given below to install and configure the JBoss Web deployer service for your JBoss
server:
1 Enter the following command to copy the JBoss Web deployer:
cp -R <jboss-home>/server/default <path-to-your-custom-configuration>/deploy/
Replace <jboss-home> with the home directory of JBoss.
Replace <path-to-your-custom-configuration> with the location of the custom configuration.
2 To use the custom JBoss configuration, you must disable the services that JBoss Web deployer
service depends on. To disable the services, open the
<path-to-your-custom-configuration>/deploy/jboss-web.deployer/META-INF/jboss-service.xml
file and comment out lines that are within the <depends></depends> tags. By default, JBoss depends
on the following services:
<depends>jboss:service=TransactionManager</depends>
<depends>jboss.jca:service=CachedConnectionManager</depends>
3 Open the <path-to-your-custom-configuration>/deploy/jboss-web.deployer/server.xml file,
delete content within the <CachedConnectionValve></CachedConnectionValve> tags.
4 Add the required security services to the <path-to-your-custom-configuration>/conf/jboss-service.xml
file within the <mbean></mbean> tags. For example:
<mbean code="org.jboss.security.plugins.SecurityConfig"
       name="jboss.security:service=SecurityConfig">
  <attribute name="LoginConfig">jboss.security:service=XMLLoginConfig</attribute>
</mbean>
<mbean code="org.jboss.security.auth.login.XMLLoginConfig"
       name="jboss.security:service=XMLLoginConfig">
  <attribute name="ConfigResource">login-config.xml</attribute>
</mbean>
<!-- JAAS security manager and realm mapping -->
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
       name="jboss.security:service=JaasSecurityManager">
  <attribute name="ServerMode">true</attribute>
  <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
  <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
  <attribute name="DefaultCacheTimeout">1800</attribute>
  <attribute name="DefaultCacheResolution">60</attribute>
  <attribute name="DeepCopySubjectMode">false</attribute>
</mbean>
5 Copy the login-config.xml and standardjboss.xml files from the <jboss-home>/server/default/conf
location to the <path-to-your-custom-configuration>/conf location.
6 Copy the ejb-deployer.xml file from the <jboss-home>/server/default/deploy/ location to the
<path-to-your-custom-configuration>/deploy location.
7 Specify the following commands to copy the additional JAR files in sequence:
cd default/lib/
cp jboss.jar jboss-j2ee.jar jbosssx.jar servlet-api.jar jsp-api.jar jbossws* el-api.jar jboss-ejb3x.jar <path-to-your-custom-configuration>/lib
8 Restart the JBoss application server.
9 Proceed with the installation of the JBoss Agent. For more information, see Section 1.5.3,
“Installing JBoss by Using the Installer,” on page 15.
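The results of steps 1, 2 and 4 through 7 can be checked with a script before the agent installer is run. The following is an added example, not part of the Novell guide or product: the function names, the report format and the sample file name jbossws-sample.jar are assumptions of this example, and step 3 (server.xml) is not checked.

```sh
#!/bin/sh
# Added example, not from the Novell guide: checks a custom JBoss configuration
# directory against steps 1, 2 and 4-7 of the procedure above.

# Print an XML file with <!-- ... --> regions removed (multi-line ones too),
# so commented-out elements are not mistaken for active ones.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); in_comment = 0
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; break }
                out = out substr(line, 1, i - 1)
                line = substr(line, i + 4); in_comment = 1
            }
        }
        print out
    }' "$1"
}

# Succeed when fixed string $2 occurs in file $1 outside XML comments.
xml_has_active() {
    [ -f "$1" ] && strip_xml_comments "$1" | grep -F -q -- "$2"
}

# check_custom_config CONF_DIR: print findings, return the number of failures.
check_custom_config() {
    conf=$1
    failures=0
    fail() { echo "FAIL: $1"; failures=$((failures + 1)); }

    # Step 1: the Web deployer folder must exist under deploy/.
    [ -d "$conf/deploy/jboss-web.deployer" ] ||
        fail "deploy/jboss-web.deployer is missing"

    # Step 2: both <depends> entries must be commented out.
    svc="$conf/deploy/jboss-web.deployer/META-INF/jboss-service.xml"
    for dep in jboss:service=TransactionManager \
               jboss.jca:service=CachedConnectionManager; do
        if xml_has_active "$svc" "<depends>$dep</depends>"; then
            fail "<depends>$dep</depends> is still active"
        fi
    done

    # Step 4: the three security MBeans must be active in conf/jboss-service.xml.
    for code in org.jboss.security.plugins.SecurityConfig \
                org.jboss.security.auth.login.XMLLoginConfig \
                org.jboss.security.plugins.JaasSecurityManagerService; do
        xml_has_active "$conf/conf/jboss-service.xml" "code=\"$code\"" ||
            fail "mbean $code is not active in conf/jboss-service.xml"
    done

    # Steps 5-7: copied configuration files and JAR files.
    for f in conf/login-config.xml conf/standardjboss.xml \
             deploy/ejb-deployer.xml lib/jboss.jar lib/jboss-j2ee.jar \
             lib/jbosssx.jar lib/servlet-api.jar lib/jsp-api.jar \
             lib/el-api.jar lib/jboss-ejb3x.jar; do
        [ -f "$conf/$f" ] || fail "$f is missing"
    done
    # The guide copies jbossws* (a glob); require at least one match.
    set -- "$conf"/lib/jbossws*
    [ -e "$1" ] || fail "no lib/jbossws* file found"

    [ "$failures" -eq 0 ] && echo "ok: all checked steps are in place"
    return "$failures"
}

# Build a constructed (made-up) sample configuration in DIR that passes every check.
make_sample_config() {
    d=$1
    mkdir -p "$d/conf" "$d/lib" "$d/deploy/jboss-web.deployer/META-INF"
    cat > "$d/deploy/jboss-web.deployer/META-INF/jboss-service.xml" <<'EOF'
<server>
  <!-- <depends>jboss:service=TransactionManager</depends>
  <depends>jboss.jca:service=CachedConnectionManager</depends> -->
</server>
EOF
    for code in org.jboss.security.plugins.SecurityConfig \
                org.jboss.security.auth.login.XMLLoginConfig \
                org.jboss.security.plugins.JaasSecurityManagerService; do
        echo "<mbean code=\"$code\"></mbean>"
    done > "$d/conf/jboss-service.xml"
    for f in conf/login-config.xml conf/standardjboss.xml \
             deploy/ejb-deployer.xml lib/jboss.jar lib/jboss-j2ee.jar \
             lib/jbosssx.jar lib/servlet-api.jar lib/jsp-api.jar \
             lib/el-api.jar lib/jboss-ejb3x.jar lib/jbossws-sample.jar; do
        : > "$d/$f"
    done
}

# Run against the directory given on the command line, if any.
if [ $# -ge 1 ]; then check_custom_config "$1"; fi
```

Run it with the custom configuration directory as its only argument; the exit status is the number of failed checks, so 0 means every checked step is in place.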
1.5.3 Installing JBoss by Using the Installer
1 If JBoss is running, stop JBoss.
2 Download and execute the agent installer.
The license agreement page is displayed. For software download instructions, see the Novell
Access Manager Readme.
3 Review the License Agreement, accept it, then click Next. The installation selection page is
displayed.
4 Select a directory to install the Novell J2EE agent components, then click Next. The Choose a
Java Virtual Machine page is displayed.
5 Select a Java Virtual Machine (JVM*) to be used by the installed application.
A default JVM is displayed.
If you do not select a JVM here, the installer uses the java.home property value of the Java
runtime that is used to run the installer to proceed with the installation.
6 (Optional) If you want to select another JVM, click Choose Another and browse to select the
JVM of your choice. Click Search for Others to get a list of available JVMs and select the one
you want.
7 Click Next. The Administration Server Communication page is displayed.
8 Specify the information required for server communication between the agent and the
Administration Console:
Administration Console IP Address: Specify the IP address of your Novell Access Manager
Administration Console.
Username: Specify the username of the admin user of the Novell Access Manager
Administration Console.
Password: Specify the password of the admin user of the Novell Access Manager Administration
Console.
Confirm Password: Specify the password again to confirm it.
Application Server IP Address (Current Host): Review the entered address. If your server is
configured for more than one IP address, make sure you specify the IP address of the machine
from which the Novell Access Manager Administration Console is reachable.
9 Click Next.
10 (Conditional) If you do not have the audit server installed, the J2EE installer installs the Audit
server for you. Specify the IP address of the Novell Access Manager Administration Console as
the Audit Server IP.
11 (Conditional) If you have the Audit server installed, follow the prompts to continue using the
existing Audit server or to replace it:
11a (Conditional) To continue using the same server, click Yes to display the Audit Server
Setting page.
11b Select Use following Audit Server, then continue with Step 13.
11c (Conditional) To use another server, click No, select Use following Audit Server, then
specify an IP address for the Audit server.
12 Click Next. The Select Application Server page is displayed.
13 Click OK on the Alert when the following prompt is displayed.
14 Select JBoss, then click Next. The JBoss Application Server Settings page is displayed.